InfoSecBulletin Cybersecurity for mankind
New guidance on ransomware, released during this week’s International Counter Ransomware Initiative (CRI) meeting, encourages victims to report attacks to law enforcement promptly and to consult more advisors before deciding to pay a ransom.
Cybersecurity experts from about 70 countries are gathering at the White House this week for the fourth International Counter Ransomware Initiative meeting. This annual event, initiated in 2021, aims to tackle recent ransomware attacks and develop new mitigation strategies.
Micropatches released for Windows zero-day leaking NTLM hashes
VMware Patches Authentication Bypass Flaw in Windows Tool
IngressNightmare
Over 40% of cloud environments are vulnerable to RCE
(CVE-2025-29927)
Urgently Patch Your Next.js for Authorization Bypass
Oracle refutes breach after hacker claims 6 million data theft
Russian zero-day seller to offer up to $4 million for Telegram exploits
Cybercriminals Exploit Checkpoint’s Driver in a BYOVD Attack
IBM and Veeam Release Patches in AIX System and Backup
WhatsApp patched zero-click flaw exploited in spyware attacks
CVE-2025-24472
CISA Warns of Fortinet FortiOS Auth Bypass Vuln Exploited in Wild
The UK and Singapore governments released voluntary guidance to help victims of ransomware attacks respond effectively and reduce the impact.
Victims are urged to report attacks and ransom demands to law enforcement and cyber insurance providers. While paying ransoms is not recommended, if victims choose to do so, they should ensure it could positively impact the situation and meets local regulations.
“External experts such as insurers, national technical authorities, law enforcement or cyber incident response companies familiar with ransomware incidents can improve the quality of decision-making,” according to the new guidance. Officials also pointed out that paying the ransom does “not guarantee access to your devices or data.”
Ransomware victims should document their incident response, decisions for mitigating the attack, and any collected data for future reviews. They must also be aware of the regulatory penalties for data breaches.
“Overall, the advice feels complete and aligned,” said Casey Ellis, founder and chief strategy officer at Bugcrowd. “The only change I would consider would be to move the record-your-decision-making to the top of the list. Dealing with these types of incidents can very easily and quickly create a fog-of-war effect inside a ransomed organization.”
Participants at the event worked on various initiatives, such as finalizing a project on secure software and labeling principles by the U.K. and U.S. governments. They also announced the launch of an information-sharing member portal by Australia and a new U.S. government fund to enhance members’ cybersecurity capabilities.
The updated guidance was released following a joint effort by the U.S., U.K., and European governments to arrest and indict members of the Russian cybercriminal underground, including targets like LockBit and Evil Corp.
The U.K. NCSC and the White House did not immediately respond to requests for comments from Information Security Media Group.
